CVE-2009-2674

Severity

75%

Complexity

99%

Confidentiality

106%

Integer overflow in javaws.exe in Sun Java Web Start in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 allows context-dependent attackers to execute arbitrary code via a crafted JPEG image that is not properly handled during display to a splash screen, which triggers a heap-based buffer overflow.

Integer overflow in javaws.exe in Sun Java Web Start in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 allows context-dependent attackers to execute arbitrary code via a crafted JPEG image that is not properly handled during display to a splash screen, which triggers a heap-based buffer overflow.

CVSS 2.0 Base Score 7.5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P).

Overview

First reported 15 years ago

2009-08-05 19:30:00

Last updated 6 years ago

2018-10-30 16:25:00

Affected Software

Sun JDK 6 Update 2

1.6.0

References

APPLE-SA-2009-09-03-1

SUSE-SA:2009:043

SUSE-SR:2009:016

SUSE-SA:2009:053

SSRT090250

36162

Vendor Advisory

36176

Vendor Advisory

36180

Vendor Advisory

36248

Vendor Advisory

37300

Vendor Advisory

37386

Vendor Advisory

GLSA-200911-02

http://sunsolve.sun.com/search/document.do?assetkey=1-21-125136-16-1

Patch

263428

Patch, Vendor Advisory

MDVSA-2009:209

http://www.oracle.com/technetwork/topics/security/cpuoct2009-096303.html

TA09-294A

US Government Resource

ADV-2009-2543

Vendor Advisory

http://www.zerodayinitiative.com/advisories/ZDI-09-050/

sun-jre-jpeg-bo(52339)

oval:org.mitre.oval:def:10073

oval:org.mitre.oval:def:8073

RHSA-2009:1200

RHSA-2009:1201

FEDORA-2009-8329

FEDORA-2009-8337

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.